Connect
Ask Community
Ask the community
Ask Community
  • Home
  • macOS
  • macOS Blocklist/Allowlist policy fails with “Action not supported” on older enrolled Macs

macOS Blocklist/Allowlist policy fails with “Action not supported” on older enrolled MacsSolved

Profile photo of lucaas
lucaas
Participant
Discussion
Hexnode UEM
2 weeks ago Jun 01, 2026

We have a macOS Blocklisting/Allowlisting policy configured for Blocklist Apps and assigned to all Mac devices through a dynamic device group. New MacBooks enrolled after the policy was created get the profile successfully, but older enrolled MacBooks show the policy as Failed in Action History.

The failed devices show an “action not supported” type error, while newly enrolled devices receive the same Effective Profile without any issue. We also tried assigning the policy directly to affected devices, but the older Macs still failed.

Has anyone seen macOS app blocklist policies behave differently based on when the device was enrolled?

topic view count 11 Views

Tags

macOS (534)
Reply

Replies (2)

Marked SolutionPending Review
Profile photo of sienna_carter Hexnode Expert image
sienna_carter
Hexnode Expert
2 weeks ago Jun 01, 2026
Marked SolutionPending Review

Hi @lucaas,

This can happen if the final effective configuration being deployed to the Mac differs between devices, even when the same policy appears to be assigned. For macOS Blocklisting/Allowlisting policies, check the following on an affected device:

  1. Confirm whether the policy is assigned only through the intended dynamic device group, or whether it is also directly associated with the device or user.
  2. Check for any other app blocklist/allowlist policies targeting the same Mac through another group, user assignment, or test policy.
  3. Remove conflicting or duplicate policies if the same restriction is being applied from multiple sources.
  4. Reapply the Blocklist Apps policy after cleaning up the assignments.
  5. Compare the Action History status again after the effective profile is regenerated.

If the policy works for newly enrolled Macs but fails only on older enrolled Macs, also test the same blocklist policy with another known macOS app. That helps confirm whether the failure is caused by the policy deployment in general or by a specific app entry in the blocklist.

Regards,
Sienna Carter
Hexnode UEM

Marked SolutionPending Review
Profile photo of haniel Veteran image
haniel
Participant
2 weeks ago Jun 01, 2026
Marked SolutionPending Review

I’ve run into something similar with app restriction policies where direct assignment plus group assignment made troubleshooting confusing. The device page showed the policy, but the effective profile wasn’t always what we expected until we removed the extra assignment and deployed the policy again.

Load more
Save
Related Topics

Leaderboard

Popular Tags

ABM (68)
Android (576)
iOS (431)
macOS (534)
Windows (400)
Apple TV (33)
App Management (459)
Enrollment (153)
Location (34)
Kiosk (280)
Scripts (103)
ADE (60)
OS Updates (87)
Android Enterprise (159)
View all